CVE-2014-3391

Untrusted search path vulnerability in Cisco ASA Software 8.x before 8.4(3), 8.5, and 8.7 before 8.7(1.13) allows local users to gain privileges by placing a Trojan horse library file in external memory, leading to library use after device reload because of an incorrect LD_LIBRARY_PATH value, aka Bug ID CSCtq52661.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:S/C:C/I:C/A:C
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
VendorProductVersion
ciscoadaptive_security_appliance_software
8.7.8
ciscoadaptive_security_appliance_software
8.2.0.45
ciscoadaptive_security_appliance_software
8.2.1
ciscoadaptive_security_appliance_software
8.2.1.1
ciscoadaptive_security_appliance_software
8.2.2
ciscoadaptive_security_appliance_software
8.2.2.10
ciscoadaptive_security_appliance_software
8.2.2.12
ciscoadaptive_security_appliance_software
8.2.2.16
ciscoadaptive_security_appliance_software
8.2.2.17
ciscoadaptive_security_appliance_software
8.2.3
ciscoadaptive_security_appliance_software
8.2.4
ciscoadaptive_security_appliance_software
8.2.4.1
ciscoadaptive_security_appliance_software
8.2.4.4
ciscoadaptive_security_appliance_software
8.2.5
ciscoadaptive_security_appliance_software
8.2.5.13
ciscoadaptive_security_appliance_software
8.2.5.22
ciscoadaptive_security_appliance_software
8.2.5.26
ciscoadaptive_security_appliance_software
8.2.5.33
ciscoadaptive_security_appliance_software
8.2.5.40
ciscoadaptive_security_appliance_software
8.2.5.41
ciscoadaptive_security_appliance_software
8.2.5.46
ciscoadaptive_security_appliance_software
8.2.5.48
ciscoadaptive_security_appliance_software
8.2.5.50
ciscoadaptive_security_appliance_software
8.3.1
ciscoadaptive_security_appliance_software
8.3.1.1
ciscoadaptive_security_appliance_software
8.3.1.4
ciscoadaptive_security_appliance_software
8.3.1.6
ciscoadaptive_security_appliance_software
8.3.2
ciscoadaptive_security_appliance_software
8.3.2.4
ciscoadaptive_security_appliance_software
8.3.2.13
ciscoadaptive_security_appliance_software
8.3.2.23
ciscoadaptive_security_appliance_software
8.3.2.25
ciscoadaptive_security_appliance_software
8.3.2.31
ciscoadaptive_security_appliance_software
8.3.2.33
ciscoadaptive_security_appliance_software
8.3.2.34
ciscoadaptive_security_appliance_software
8.3.2.37
ciscoadaptive_security_appliance_software
8.3.2.39
ciscoadaptive_security_appliance_software
8.3.2.40
ciscoadaptive_security_appliance_software
8.3.2.41
ciscoadaptive_security_appliance_software
8.4.1
ciscoadaptive_security_appliance_software
8.4.1.3
ciscoadaptive_security_appliance_software
8.4.1.11
ciscoadaptive_security_appliance_software
8.4.2
ciscoadaptive_security_appliance_software
8.4.2.1
ciscoadaptive_security_appliance_software
8.4.2.8
ciscoadaptive_security_appliance_software
8.4.3
ciscoadaptive_security_appliance_software
8.4.3.8
ciscoadaptive_security_appliance_software
8.4.3.9
ciscoadaptive_security_appliance_software
8.4.4
ciscoadaptive_security_appliance_software
8.4.4.1
ciscoadaptive_security_appliance_software
8.4.4.3
ciscoadaptive_security_appliance_software
8.4.4.5
ciscoadaptive_security_appliance_software
8.4.4.9
ciscoadaptive_security_appliance_software
8.4.5
ciscoadaptive_security_appliance_software
8.4.5.6
ciscoadaptive_security_appliance_software
8.4.6
ciscoadaptive_security_appliance_software
8.4.7
ciscoadaptive_security_appliance_software
8.4.7.3
ciscoadaptive_security_appliance_software
8.4.7.15
ciscoadaptive_security_appliance_software
8.4.7.22
ciscoadaptive_security_appliance_software
8.7.1
ciscoadaptive_security_appliance_software
8.7.1.3
ciscoadaptive_security_appliance_software
8.7.1.4
ciscoadaptive_security_appliance_software
8.7.1.7
ciscoadaptive_security_appliance_software
8.7.1.11
ciscoadaptive_security_appliance_software
8.7.1.13
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa